| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer gesperrt Bundespolizei 100 Euro TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.07.2012, 14:04
| #1 |
| |  Computer gesperrt Bundespolizei 100 Euro Trojaner Hallöchen Liebe Forengemeinde, Nun hab ich auch urplötzlich diesen Bundespolizeitrojaner wo ich 100 Euro bezahlen muss und dann wird mein Pc gesperrt auf dem Rechner....Hab mich hier und bei google auch schon durchgelesen, aber bin leider in Pc Sachen absoluter Laie.... Daher brauche ich eure Hilfe, am besten Schritt für Schritt Anleitung....hab echt so gut wie keinen Schimmer von weiter gehende Pc Sachen....  Danke schon einmal im voraus für eure Hilfe Lg eure Bella |
|
29.07.2012, 14:39
| #2 |
| /// Helfer-Team  | Computer gesperrt Bundespolizei 100 Euro Trojaner Von einem sauberen PC OTL.exe runterladen auf USB Stick. Infizierteen Rechner ohne Internet starten. OTL.exe auf Desktop kopieren und Log erstellen. Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
29.07.2012, 15:07
| #3 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner für die schnelle Antwort hier das OTL....hoffe das ist richtig so....OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.07.2012 15:58:04 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,32% Memory free
7,73 Gb Paging File | 5,98 Gb Available in Paging File | 77,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,45 Gb Total Space | 387,02 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive D: | 458,96 Gb Total Space | 458,80 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive K: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 3,73 Gb Total Space | 3,57 Gb Free Space | 95,47% Space Free | Partition Type: FAT32
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\******\Downloads\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3800&r=173608102516p0465v1h5y44111545
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112792&tt=280612_5_&babsrc=SP_ss&mntrId=30a55ccc000000000000000000000000
IE - HKCU\..\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=LOL&o=16439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OY&apn_dtid=YYYYYYYYDE&apn_uid=A0B52434-7354-483B-838E-B72E6153E27E&apn_sauid=45C04659-7583-49BF-906C-95EA30A8036D
IE - HKCU\..\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE394
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=1ex6anR4tqt&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp"
FF - prefs.js..browser.startup.homepage: h", "h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,h,hxxp://search.babylon.com/home?AF=100581"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.29 12:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 12:15:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.05 17:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.05 08:13:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 11:42:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.29 12:15:05 | 000,000,000 | ---D | M]
[2011.06.25 13:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions
[2010.11.20 18:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.12 10:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.05 12:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions
[2012.01.17 13:02:29 | 000,000,000 | ---D | M] (AOL DE Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}
[2012.06.28 11:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.29 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data
[2011.09.09 08:53:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com
[2012.01.23 07:11:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com
[2011.08.30 10:43:17 | 000,002,425 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\4-loot.xml
[2011.11.02 06:56:31 | 000,002,567 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\askcom.xml
[2011.12.15 12:25:52 | 000,000,931 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\conduit.xml
[2012.01.22 11:54:52 | 000,001,800 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
[2012.01.17 13:02:28 | 000,002,205 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
[2011.08.30 10:34:34 | 000,001,801 | ---- | M] () -- C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\search-the-web.xml
[2012.07.04 06:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.01 14:09:58 | 000,010,924 | ---- | M] () (No name found) -- C:\USERS\MANDYMARCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DH90LRUM.DEFAULT\EXTENSIONS\HELPERFRAMEWORK@ZONEMEDIA.COM.XPI
[2012.07.18 11:42:36 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.08 19:09:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.07.04 17:51:46 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.07.04 06:40:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 07:32:17 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.01 14:09:28 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.04 06:40:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.04 06:40:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.18 19:46:39 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.07.04 06:40:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.04 06:40:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.04 06:40:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3008547
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEAddonBHO Class) - {47B614AF-B4CC-485B-B331-BE26F02ED4CC} - C:\Program Files (x86)\Browser Helper Object\Internet Explorer\IEAddon.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell\AutoRun\command - "" = K:\NokiaPCIA_Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.29 15:34:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 15:34:03 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Malwarebytes
[2012.07.29 15:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 15:08:59 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.29 15:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.29 15:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 12:40:21 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.29 12:40:21 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.29 12:40:21 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.29 12:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.07.29 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\TuneUp Software
[2012.07.29 12:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.07.29 12:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.29 12:38:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.29 12:26:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.29 12:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2012.07.29 11:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pybpfglstmboajn
[2012.07.28 10:38:45 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\CRE
[2012.07.27 07:54:16 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\Macromedia
[2012.07.27 07:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.07.26 20:00:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.26 18:59:47 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde
[2012.07.12 06:09:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 06:09:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.12 06:09:31 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 06:09:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 06:09:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.07 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.07.05 07:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.07.05 07:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.07.05 07:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.07.04 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Master
[2012.07.04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes
[2012.07.04 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2012.07.04 18:15:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307020.005
[2012.07.04 18:15:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2012.07.04 18:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012.07.04 17:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.07.04 17:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.07.04 17:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.07.04 17:51:49 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.07.04 17:51:44 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.07.04 17:51:44 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.07.04 17:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.07.04 17:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.07.04 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Real
[2012.07.04 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Local\Real
[2012.07.04 17:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.07.04 06:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.04 06:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Babylon
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.01 14:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Helper Object
========== Files - Modified Within 30 Days ==========
[2012.07.29 15:49:25 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.29 15:49:25 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.29 15:49:25 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.29 15:49:25 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.29 15:49:25 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.29 15:47:06 | 000,051,475 | ---- | M] () -- C:\Users\MandyMarco\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.29 15:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:44:13 | 000,000,120 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Download.htm
[2012.07.29 15:34:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.29 15:34:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.29 15:13:10 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 14:54:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:54:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:46:36 | 000,448,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.29 14:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.29 14:45:34 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.29 12:40:07 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.29 12:40:07 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.29 11:56:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\sqtgyljxldktzgv
[2012.07.26 19:44:44 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for MandyMarco.job
[2012.07.19 10:48:03 | 000,001,466 | ---- | M] () -- C:\Users\MandyMarco\Documents\cc_20120719_104801.reg
[2012.07.05 12:33:03 | 000,004,594 | ---- | M] () -- C:\Users\MandyMarco\Documents\cc_20120705_123301.reg
[2012.07.05 08:12:10 | 017,596,387 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.zip
[2012.07.05 07:33:59 | 000,002,273 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.04 19:51:21 | 000,000,216 | ---- | M] () -- C:\Users\MandyMarco\Desktop\SMS 2 ANDREAGermey.csv
[2012.07.04 19:48:21 | 000,001,660 | ---- | M] () -- C:\Users\MandyMarco\Desktop\SMS ANDREA Germey.csv
[2012.07.04 19:44:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.07.04 18:00:41 | 020,867,072 | ---- | M] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.vob
[2012.07.04 17:51:49 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.07.04 17:51:44 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.07.04 17:51:44 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.01 14:09:41 | 000,000,988 | ---- | M] () -- C:\user.js
========== Files Created - No Company Name ==========
[2012.07.29 15:47:13 | 000,051,475 | ---- | C] () -- C:\Users\MandyMarco\Desktop\85104-otl-otlogfile-by-oldtimer.html
[2012.07.29 15:44:17 | 000,000,120 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Download.htm
[2012.07.29 15:34:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 15:09:00 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 12:40:07 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.07.29 12:40:07 | 000,002,213 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.07.29 12:40:07 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.07.29 11:53:04 | 000,000,051 | ---- | C] () -- C:\ProgramData\sqtgyljxldktzgv
[2012.07.19 10:48:02 | 000,001,466 | ---- | C] () -- C:\Users\MandyMarco\Documents\cc_20120719_104801.reg
[2012.07.05 17:56:22 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.07.05 12:33:02 | 000,004,594 | ---- | C] () -- C:\Users\MandyMarco\Documents\cc_20120705_123301.reg
[2012.07.05 08:12:09 | 017,596,387 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.zip
[2012.07.05 07:33:59 | 000,002,273 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.07.04 19:51:21 | 000,000,216 | ---- | C] () -- C:\Users\MandyMarco\Desktop\SMS 2 ANDREAGermey.csv
[2012.07.04 19:48:21 | 000,001,660 | ---- | C] () -- C:\Users\MandyMarco\Desktop\SMS ANDREA Germey.csv
[2012.07.04 19:44:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.07.04 18:15:51 | 000,000,458 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for MandyMarco.job
[2012.07.04 18:15:36 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307020.005\isolate.ini
[2012.07.04 18:00:37 | 020,867,072 | ---- | C] () -- C:\Users\MandyMarco\Desktop\Gespräch Andrea Germey am 28.01.2011, 17.51 Uhr.vob
[2011.07.04 15:56:41 | 000,006,144 | ---- | C] () -- C:\Users\MandyMarco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 12:36:34 | 000,000,000 | ---- | C] () -- C:\Users\MandyMarco\AppData\Local\{88895E5D-873D-4AB2-80D9-9DA5BADC5D3D}
[2011.06.07 14:39:14 | 000,065,635 | ---- | C] () -- C:\Users\MandyMarco\.recently-used.xbel
[2011.03.25 13:24:41 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2010.12.15 19:19:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.10.29 19:17:00 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.30 06:31:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.29 21:34:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.17 20:56:43 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2010.10.15 14:09:27 | 000,000,000 | -HSD | M] -- C:\Users\MandyMarco\AppData\Roaming\.#
[2010.12.24 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Ashampoo
[2012.07.01 14:09:15 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Babylon
[2012.01.22 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\DVDVideoSoft
[2011.12.22 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.15 14:07:04 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\GameConsole
[2011.06.07 14:39:21 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\gtk-2.0
[2011.08.26 16:01:32 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Gutscheinmieze
[2012.07.04 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes
[2010.12.15 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\MAGIX
[2011.07.04 15:58:21 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Nokia
[2012.01.17 13:02:17 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\OpenCandy
[2010.09.01 07:43:46 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\OpenOffice.org
[2010.11.04 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Opera
[2011.07.04 15:58:59 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PC Suite
[2012.03.27 13:18:19 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PhotoScape
[2010.10.15 14:03:54 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\PlayFirst
[2011.05.07 17:03:28 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Simfy
[2010.11.20 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Thunderbird
[2011.05.12 10:13:52 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\TomTom
[2012.07.29 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\TuneUp Software
[2010.10.15 14:05:44 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\ViquaSoft
[2012.01.17 11:12:20 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Xilisoft
[2012.01.17 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\XMedia Recode
[2012.07.26 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde
[2012.05.31 14:55:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AB689DEA
< End of report >
|
|
29.07.2012, 19:00
| #4 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112792&tt=280612_5_&babsrc=SP_ss&mntrId=30a55ccc000000000000000000000000
IE - HKCU\..\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LOL&o=16439&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OY&apn_dtid=YYYYYYYYDE&apn_uid=A0B52434-7354-483B-838E-B72E6153E27E&apn_sauid=45C04659-7583-49BF-906C-95EA30A8036D
IE - HKCU\..\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE394
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=1ex6anR4tqt&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.order.1,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.29 12:08:16 | 000,000,000 | ---D | M]
[2012.01.17 13:02:29 | 000,000,000 | ---D | M] (AOL DE Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}
[2012.06.28 11:41:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.29 15:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data
[2011.09.09 08:53:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com
[2012.01.23 07:11:57 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com
CHR - homepage: http://search.conduit.com/?ctid=CT3008547&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3008547
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell - "" = AutoRun
O33 - MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\Shell\AutoRun\command - "" = K:\NokiaPCIA_Autorun.exe
[2012.07.29 11:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pybpfglstmboajn
[2012.07.26 18:59:47 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Ykidde
[2012.07.04 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes
[2012.07.04 18:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\Users\MandyMarco\AppData\Roaming\Babylon
[2012.07.01 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.29 11:56:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\sqtgyljxldktzgv
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AB689DEA
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
30.07.2012, 05:29
| #5 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner Guten Morgen....  Erst einmal großes Lob an dieses Forum und vor allem an tjohn, für die schnellen Antworten....und hier das LOg Code:
ATTFilter All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{990af1c2-5a27-4460-8149-ecc6bc122af3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{990af1c2-5a27-4460-8149-ecc6bc122af3}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5152ACDF-F33C-4E02-8F89-0E342FDAF85F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53396CAB-5F16-44EB-B3D3-AE088FA49F48}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: S", "Search the web (Babylon)" removed from browser.search.order.1,S
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: S", "Search the web (Babylon)" removed from browser.search.selectedEngine,S
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://isearch.avg.com?cid=%7B17fb2e30-1949-4641-ac6a-bc9e9d716c92%7D&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-05%2007%3A32%3A18&sap=hp" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\MandyMarco\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext not found.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\META-INF folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932}\chrome folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{43196362-5378-448b-8944-f097fa65e932} folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\data folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\mozilla\Firefox\Profiles\dh90lrum.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface not found.
C:\Users\MandyMarco\AppData\Local\Akamai\netsession_win.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File K:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0821e9c1-38bf-11e0-8bf6-90fba64642a0}\ not found.
File K:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74810a7c-a5ee-11e0-9824-90fba64642a0}\ not found.
File K:\NokiaPCIA_Autorun.exe not found.
C:\ProgramData\pybpfglstmboajn folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Ykidde folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes\Mobile Master 8.1.0\install folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes\Mobile Master 8.1.0 folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Jumping Bytes folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\newdefs-trigger folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\BinHub folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E\20120720.024 folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData\VirusDefs-2.5-E folder moved successfully.
C:\ProgramData\Symantec\Definitions\SymcData folder moved successfully.
C:\ProgramData\Symantec\Definitions folder moved successfully.
C:\ProgramData\Symantec folder moved successfully.
C:\Users\MandyMarco\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\sqtgyljxldktzgv moved successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\MandyMarco\Desktop\cmd.bat deleted successfully.
C:\Users\MandyMarco\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: MandyMarco
->Temp folder emptied: 8048162 bytes
->Temporary Internet Files folder emptied: 552175 bytes
->Java cache emptied: 411605194 bytes
->FireFox cache emptied: 500842482 bytes
->Google Chrome cache emptied: 389969490 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 13067 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4016604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.254,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: MandyMarco
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 07302012_061742
Files\Folders moved on Reboot...
C:\Users\MandyMarco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\MandyMarco\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
30.07.2012, 15:08
| #6 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> Computer gesperrt Bundespolizei 100 Euro Trojaner |
|
01.08.2012, 12:40
| #7 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner Huhu, Sorry konnte die letzten Tage nicht antworten, jetzt bin ich wieder da....hier die gewünschten Log... Hat den Malwarebytes schon vorher mal durchlaufen lassen also hier 2 Logs Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.29.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 MandyMarco :: MANDYMARCO-PC [Administrator] Schutz: Aktiviert 29.07.2012 16:41:44 mbam-log-2012-07-29 (17-39-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 421956 Laufzeit: 56 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCR\AppID\IEAddon.DLL (Rogue.UnVirex) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\MandyMarco\Downloads\SoftonicDownloader_fuer_xmedia-recode.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 MandyMarco :: MANDYMARCO-PC [Administrator] Schutz: Aktiviert 30.07.2012 16:41:50 mbam-log-2012-07-30 (16-41-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 142632 Laufzeit: 26 Minute(n), 46 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/01/2012 at 13:36:27
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MandyMarco - MANDYMARCO-PC
# Running from : C:\Users\MandyMarco\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\MandyMarco\AppData\Local\Conduit
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Conduit
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Funmoods
Folder Found : C:\Users\MandyMarco\AppData\LocalLow\Incredibar.com
Folder Found : C:\Users\MandyMarco\AppData\Roaming\OpenCandy
Folder Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\ConduitCommon
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files (x86)\Conduit
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Askcom.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Conduit.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
File Found : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112792&tt=280612_5_&babsrc=nt_ss&mntrid=30a55ccc000000000000000000000000
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\prefs.js
Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "29-7-2012");
Found : user_pref("CT2269050.DSInstall", true);
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Jul 26 2012 19:52:33 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Thu Dec 22 2011 10:55:34 GMT+0100");
Found : user_pref("CT2269050.FirstServerDate", "22-12-2011");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HPInstall", true);
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.HomePageProtectorEnabled", true);
Found : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Thu Dec 22 2011 10:45:32 GMT+0100");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsInitSetupIni", true);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.IsProtectorsInit", true);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 17:54:29 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:32:26 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 10:28:39 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Jul 29 2012 19:30:57 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.8.1.0", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "hxxp://search.babylon.com/home?AF=8836");
Found : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jul 29 2012 15:30:01 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2269050.SearchProtectorEnabled", true);
Found : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.SettingsLastCheckTime", "Sun Jul 29 2012 19:30:55 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Found : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Dec 22 2011 10:45:30 GMT+0100");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN20331080851063832");
Found : user_pref("CT2269050.ValidationData_Toolbar", 1);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Thu Dec 22 2011 10:45:33 GMT+0100");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.autoDisableScopes", -1);
Found : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Found : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F6E6E706E747675");
Found : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375747476747A7C7B242F4B4947[...]
Found : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Found : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B6D694274726F7A74777347207D4B4C7D257E7C537E2A20[...]
Found : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Found : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Found : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Found : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6F6A6F3C6B7040737A46454475737D7A4B797A7A4F");
Found : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6E6E706E75737672747A");
Found : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5475652044656320323720323031312031303A[...]
Found : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.isAppTrackingManagerOn", true);
Found : user_pref("CT2269050.isFirstRadioInstallation", false);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CT2724407..clientLogIsEnabled", true);
Found : user_pref("CT2724407..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2724407..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2724407.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2724407.CTID", "ct2724407");
Found : user_pref("CT2724407.CurrentServerDate", "31-8-2011");
Found : user_pref("CT2724407.DialogsAlignMode", "LTR");
Found : user_pref("CT2724407.DialogsGetterLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.DownloadReferralCookieData", "");
Found : user_pref("CT2724407.FirstServerDate", "26-8-2011");
Found : user_pref("CT2724407.FirstTime", true);
Found : user_pref("CT2724407.FirstTimeFF3", true);
Found : user_pref("CT2724407.FixPageNotFoundErrors", false);
Found : user_pref("CT2724407.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2724407.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2724407.HasUserGlobalKeys", true);
Found : user_pref("CT2724407.Initialize", true);
Found : user_pref("CT2724407.InitializeCommonPrefs", true);
Found : user_pref("CT2724407.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2724407.InstallationId", "ConduitStubGeneric");
Found : user_pref("CT2724407.InstallationType", "ConduitStubIntegration");
Found : user_pref("CT2724407.InstalledDate", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.InvalidateCache", false);
Found : user_pref("CT2724407.IsAlertDBUpdated", true);
Found : user_pref("CT2724407.IsGrouping", false);
Found : user_pref("CT2724407.IsInitSetupIni", true);
Found : user_pref("CT2724407.IsMulticommunity", false);
Found : user_pref("CT2724407.IsOpenThankYouPage", false);
Found : user_pref("CT2724407.IsOpenUninstallPage", true);
Found : user_pref("CT2724407.LanguagePackLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200");
Found : user_pref("CT2724407.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2724407.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2724407.LastLogin_3.6.0.10", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.LatestVersion", "3.6.0.10");
Found : user_pref("CT2724407.Locale", "de");
Found : user_pref("CT2724407.MCDetectTooltipHeight", "83");
Found : user_pref("CT2724407.MCDetectTooltipShow", false);
Found : user_pref("CT2724407.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2724407.MCDetectTooltipWidth", "295");
Found : user_pref("CT2724407.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2724407.OriginalFirstVersion", "3.6.0.10");
Found : user_pref("CT2724407.RadioIsPodcast", false);
Found : user_pref("CT2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2724407.RadioMediaID", "21080119");
Found : user_pref("CT2724407.RadioMediaType", "Media Player");
Found : user_pref("CT2724407.RadioMenuSelectedID", "EBRadioMenu_CT272440721080119");
Found : user_pref("CT2724407.RadioShrinked", "shrinked");
Found : user_pref("CT2724407.RadioShrinkedFromSetup", true);
Found : user_pref("CT2724407.RadioStationName", "Royal-Radio%20");
Found : user_pref("CT2724407.RadioStationURL", "");
Found : user_pref("CT2724407.SHRINK_TOOLBAR", 0);
Found : user_pref("CT2724407.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2724407.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2724407.SearchInNewTabEnabled", true);
Found : user_pref("CT2724407.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2724407.SearchInNewTabLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2724407.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2724407.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2724407.ServiceMapLastCheckTime", "Wed Aug 31 2011 11:13:38 GMT+0200");
Found : user_pref("CT2724407.SettingsLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.SettingsLastUpdate", "1312118218");
Found : user_pref("CT2724407.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2724407.ToolbarShrinkedFromSetup", true);
Found : user_pref("CT2724407.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724407");
Found : user_pref("CT2724407.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2724407.Uninstall", true);
Found : user_pref("CT2724407.UserID", "UN99675830740635277");
Found : user_pref("CT2724407.ValidationData_Toolbar", 2);
Found : user_pref("CT2724407.WeatherNetwork", "");
Found : user_pref("CT2724407.WeatherPollDate", "Fri Aug 26 2011 15:52:03 GMT+0200");
Found : user_pref("CT2724407.WeatherUnit", "C");
Found : user_pref("CT2724407.alertChannelId", "1116673");
Found : user_pref("CT2724407.approveUntrustedApps", false);
Found : user_pref("CT2724407.components.1000082", false);
Found : user_pref("CT2724407.components.1000234", false);
Found : user_pref("CT2724407.ct2724407.DialogsAlignMode", "LTR");
Found : user_pref("CT2724407.ct2724407.InvalidateCache", false);
Found : user_pref("CT2724407.ct2724407.LanguagePackLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Found : user_pref("CT2724407.ct2724407.Locale", "de");
Found : user_pref("CT2724407.ct2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.ct2724407.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2724407.ct2724407.RadioLastUpdateServer", "129249047784100000");
Found : user_pref("CT2724407.ct2724407.SearchInNewTabLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Found : user_pref("CT2724407.ct2724407.SettingsLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Found : user_pref("CT2724407.ct2724407.SettingsLastUpdate", "1314539878");
Found : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2724407.ct2724407.components.129248972442534223", false);
Found : user_pref("CT2724407.ct2724407.components.129248974835231354", false);
Found : user_pref("CT2724407.ct2724407.components.129248976574606681", false);
Found : user_pref("CT2724407.ct2724407.components.129248977510712757", false);
Found : user_pref("CT2724407.ct2724407.globalFirstTimeInfoLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200[...]
Found : user_pref("CT2724407.ct2724407.toolbarAppMetaDataLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200"[...]
Found : user_pref("CT2724407.ct2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200"[...]
Found : user_pref("CT2724407.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2724407.globalFirstTimeInfoLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Found : user_pref("CT2724407.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2724407.initDone", true);
Found : user_pref("CT2724407.isAppTrackingManagerOn", true);
Found : user_pref("CT2724407.isFirstRadioInstallation", false);
Found : user_pref("CT2724407.myStuffEnabled", true);
Found : user_pref("CT2724407.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2724407.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2724407.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2724407.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2724407.oldAppsList", "129248971186128163,129248971186128164,111,129248972442534223,129[...]
Found : user_pref("CT2724407.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2724407.searchProtectorEnableByLogin", true);
Found : user_pref("CT2724407.testingCtid", "");
Found : user_pref("CT2724407.toolbarAppMetaDataLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Found : user_pref("CT2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:03 GMT+0200");
Found : user_pref("CT2724407.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724407", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724407",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724407&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2724407&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"975[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MandyMarco\\AppData\\Roaming\\Mozil[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2724407,CT2269050");
Found : user_pref("CommunityToolbar.globalUserId", "155c99a6-27af-48ed-8045-6dcecac0ca59");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 10:45:3[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 11:45:39 GMT+010[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "f85c0e72-ff58-45e4-bb19-32802318bd58");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home?AF=8836");
Found : user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.babylon.HPOnNewTab,s", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112792&tt=280612_5_&babsrc=NT_ss&m[...]
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112792&tt=280612_5_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:09:40");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.funmoods_i.aflt", "ironto");
Found : user_pref("extensions.funmoods_i.dfltLng", "");
Found : user_pref("extensions.funmoods_i.dfltSrch", true);
Found : user_pref("extensions.funmoods_i.dnsErr", true);
Found : user_pref("extensions.funmoods_i.excTlbr", false);
Found : user_pref("extensions.funmoods_i.hmpg", true);
Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");
Found : user_pref("extensions.funmoods_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.funmoods_i.instlDay", "15361");
Found : user_pref("extensions.funmoods_i.instlRef", "");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q[...]
Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.1");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.110:54:55");
Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.1");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10604");
Found : user_pref("extensions.incredibar_i.excTlbr", "false");
Found : user_pref("extensions.incredibar_i.hardId", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.incredibar_i.id", "30a55ccc000000000000000000000000");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15356");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1ex6anR4tqt&loc=I[...]
Found : user_pref("extensions.incredibar_i.upn2", "1ex6anR4tqt");
Found : user_pref("extensions.incredibar_i.upn2n", "1036045520545591981");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2712:02:56");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
-\\ Google Chrome v20.0.1132.57
File : C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Found : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48"[...]
Found : "icon_url": "hxxp://search.conduit.com/fav.ico",
Found : "keyword": "search.conduit.com",
Found : "name": "Conduit",
Found : "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Found : "suggest_url": "hxxp://search.conduit.com/"
Found : "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Found : "name": "Conduit Chrome Plugin",
Found : "path": "C:\\Users\\MandyMarco\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensi[...]
Found : "name": "Conduit Chrome Plugin"
Found : "path": "C:\\Users\\MandyMarco\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dl[...]
Found : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48" ]
*************************
AdwCleaner[R1].txt - [42163 octets] - [01/08/2012 13:36:27]
########## EOF - C:\AdwCleaner[R1].txt - [42292 octets] ##########
DANKE |
|
01.08.2012, 12:46
| #8 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
01.08.2012, 14:15
| #9 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner so fertig....  hier der von emsi: Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 01.08.2012 14:15:53
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 01.08.2012 14:16:09
Gescannt 618050
Gefunden 0
Scan Ende: 01.08.2012 15:11:44
Scan Zeit: 0:55:35
Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 08/01/2012 at 13:50:09
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : MandyMarco - MANDYMARCO-PC
# Running from : C:\Users\MandyMarco\Downloads\adwcleaner (1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\MandyMarco\AppData\Local\Conduit
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\MandyMarco\AppData\LocalLow\Incredibar.com
Folder Deleted : C:\Users\MandyMarco\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\ConduitCommon
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Askcom.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\Conduit.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\funmoods.xml
File Deleted : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\searchplugins\MyStart Search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Software
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={4D7B8DE2-05E8-4CA4-A66F-992BC3D7B62F}&mid=4d361e1b0e784f78af3b925f24f329f7-86387b2fb7aec00a910c3dc7252a8d4e432d541f&lang=de&ds=hk011&pr=sa&d=2012-07-05 07:32:18&v=11.1.0.12&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112792&tt=280612_5_&babsrc=nt_ss&mntrid=30a55ccc000000000000000000000000 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\prefs.js
C:\Users\MandyMarco\AppData\Roaming\Mozilla\Firefox\Profiles\dh90lrum.default\user.js ... Deleted !
Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "29-7-2012");
Deleted : user_pref("CT2269050.DSInstall", true);
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Jul 26 2012 19:52:33 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Thu Dec 22 2011 10:55:34 GMT+0100");
Deleted : user_pref("CT2269050.FirstServerDate", "22-12-2011");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HPInstall", true);
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Thu Dec 22 2011 10:45:32 GMT+0100");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsInitSetupIni", true);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.IsProtectorsInit", true);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 17:54:29 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:32:26 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 10:28:39 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Sun Jul 29 2012 19:30:57 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.8.1.0", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.8.1.0");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://search.babylon.com/home?AF=8836");
Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jul 29 2012 15:30:01 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2269050.SearchProtectorEnabled", true);
Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sun Jul 29 2012 19:30:55 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1341904940");
Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Dec 22 2011 10:45:30 GMT+0100");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN20331080851063832");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Thu Dec 22 2011 10:45:33 GMT+0100");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.autoDisableScopes", -1);
Deleted : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6F6E6E706E747675");
Deleted : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747375747476747A7C7B242F4B4947[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g>d", "3B3B6D694274726F7A74777347207D4B4C7D257E7C537E2A20[...]
Deleted : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]
Deleted : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6F6A6F3C6B7040737A46454475737D7A4B797A7A4F");
Deleted : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6E6E706E75737672747A");
Deleted : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "5475652044656320323720323031312031303A[...]
Deleted : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Jul 29 2012 15:30:03 GMT+0200");
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Dec 22 2011 10:45:34 GMT+0100");
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2724407..clientLogIsEnabled", true);
Deleted : user_pref("CT2724407..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2724407..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2724407.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2724407.CTID", "ct2724407");
Deleted : user_pref("CT2724407.CurrentServerDate", "31-8-2011");
Deleted : user_pref("CT2724407.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724407.DialogsGetterLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.DownloadReferralCookieData", "");
Deleted : user_pref("CT2724407.FirstServerDate", "26-8-2011");
Deleted : user_pref("CT2724407.FirstTime", true);
Deleted : user_pref("CT2724407.FirstTimeFF3", true);
Deleted : user_pref("CT2724407.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2724407.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2724407.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2724407.HasUserGlobalKeys", true);
Deleted : user_pref("CT2724407.Initialize", true);
Deleted : user_pref("CT2724407.InitializeCommonPrefs", true);
Deleted : user_pref("CT2724407.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2724407.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT2724407.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT2724407.InstalledDate", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.InvalidateCache", false);
Deleted : user_pref("CT2724407.IsAlertDBUpdated", true);
Deleted : user_pref("CT2724407.IsGrouping", false);
Deleted : user_pref("CT2724407.IsInitSetupIni", true);
Deleted : user_pref("CT2724407.IsMulticommunity", false);
Deleted : user_pref("CT2724407.IsOpenThankYouPage", false);
Deleted : user_pref("CT2724407.IsOpenUninstallPage", true);
Deleted : user_pref("CT2724407.LanguagePackLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200");
Deleted : user_pref("CT2724407.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2724407.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2724407.LastLogin_3.6.0.10", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2724407.Locale", "de");
Deleted : user_pref("CT2724407.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2724407.MCDetectTooltipShow", false);
Deleted : user_pref("CT2724407.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2724407.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2724407.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2724407.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2724407.RadioIsPodcast", false);
Deleted : user_pref("CT2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2724407.RadioMediaID", "21080119");
Deleted : user_pref("CT2724407.RadioMediaType", "Media Player");
Deleted : user_pref("CT2724407.RadioMenuSelectedID", "EBRadioMenu_CT272440721080119");
Deleted : user_pref("CT2724407.RadioShrinked", "shrinked");
Deleted : user_pref("CT2724407.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2724407.RadioStationName", "Royal-Radio%20");
Deleted : user_pref("CT2724407.RadioStationURL", "");
Deleted : user_pref("CT2724407.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2724407.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2724407.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2724407.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2724407.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2724407.SearchInNewTabLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2724407.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2724407.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2724407.ServiceMapLastCheckTime", "Wed Aug 31 2011 11:13:38 GMT+0200");
Deleted : user_pref("CT2724407.SettingsLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.SettingsLastUpdate", "1312118218");
Deleted : user_pref("CT2724407.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2724407.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2724407.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724407");
Deleted : user_pref("CT2724407.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2724407.Uninstall", true);
Deleted : user_pref("CT2724407.UserID", "UN99675830740635277");
Deleted : user_pref("CT2724407.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2724407.WeatherNetwork", "");
Deleted : user_pref("CT2724407.WeatherPollDate", "Fri Aug 26 2011 15:52:03 GMT+0200");
Deleted : user_pref("CT2724407.WeatherUnit", "C");
Deleted : user_pref("CT2724407.alertChannelId", "1116673");
Deleted : user_pref("CT2724407.approveUntrustedApps", false);
Deleted : user_pref("CT2724407.components.1000082", false);
Deleted : user_pref("CT2724407.components.1000234", false);
Deleted : user_pref("CT2724407.ct2724407.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2724407.ct2724407.InvalidateCache", false);
Deleted : user_pref("CT2724407.ct2724407.LanguagePackLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.Locale", "de");
Deleted : user_pref("CT2724407.ct2724407.RadioLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2724407.ct2724407.RadioLastUpdateServer", "129249047784100000");
Deleted : user_pref("CT2724407.ct2724407.SearchInNewTabLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.SettingsLastCheckTime", "Wed Aug 31 2011 11:13:36 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.SettingsLastUpdate", "1314539878");
Deleted : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastCheck", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.ct2724407.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2724407.ct2724407.components.129248972442534223", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248974835231354", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248976574606681", false);
Deleted : user_pref("CT2724407.ct2724407.components.129248977510712757", false);
Deleted : user_pref("CT2724407.ct2724407.globalFirstTimeInfoLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200[...]
Deleted : user_pref("CT2724407.ct2724407.toolbarAppMetaDataLastCheckTime", "Wed Aug 31 2011 11:13:39 GMT+0200"[...]
Deleted : user_pref("CT2724407.ct2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:04 GMT+0200"[...]
Deleted : user_pref("CT2724407.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2724407.globalFirstTimeInfoLastCheckTime", "Fri Aug 26 2011 15:52:01 GMT+0200");
Deleted : user_pref("CT2724407.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2724407.initDone", true);
Deleted : user_pref("CT2724407.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2724407.isFirstRadioInstallation", false);
Deleted : user_pref("CT2724407.myStuffEnabled", true);
Deleted : user_pref("CT2724407.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2724407.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2724407.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2724407.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2724407.oldAppsList", "129248971186128163,129248971186128164,111,129248972442534223,129[...]
Deleted : user_pref("CT2724407.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2724407.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2724407.testingCtid", "");
Deleted : user_pref("CT2724407.toolbarAppMetaDataLastCheckTime", "Fri Aug 26 2011 15:52:00 GMT+0200");
Deleted : user_pref("CT2724407.toolbarContextMenuLastCheckTime", "Fri Aug 26 2011 15:52:03 GMT+0200");
Deleted : user_pref("CT2724407.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2724407", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724407",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2724407&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2724407&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"975[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MandyMarco\\AppData\\Roaming\\Mozil[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2724407,CT2269050");
Deleted : user_pref("CommunityToolbar.globalUserId", "155c99a6-27af-48ed-8045-6dcecac0ca59");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 22 2011 10:45:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 22 2011 11:45:39 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 22 2011 10:45:31 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "f85c0e72-ff58-45e4-bb19-32802318bd58");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.babylon.com/home?AF=8836");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "foxsearch");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.babylon.HPOnNewTab,s", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112792&tt=280612_5_&babsrc=NT_ss&m[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112792&tt=280612_5_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15522");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:09:40");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.funmoods_i.aflt", "ironto");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ironto");
Deleted : user_pref("extensions.funmoods_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15361");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ironto");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ironto&q[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.1");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.110:54:55");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.1");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10604");
Deleted : user_pref("extensions.incredibar_i.excTlbr", "false");
Deleted : user_pref("extensions.incredibar_i.hardId", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.incredibar_i.id", "30a55ccc000000000000000000000000");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15356");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=1ex6anR4tqt&loc=I[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "1ex6anR4tqt");
Deleted : user_pref("extensions.incredibar_i.upn2n", "1036045520545591981");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2712:02:56");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
-\\ Google Chrome v20.0.1132.57
File : C:\Users\MandyMarco\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48"[...]
Deleted : "icon_url": "hxxp://search.conduit.com/fav.ico",
Deleted : "keyword": "search.conduit.com",
Deleted : "name": "Conduit",
Deleted : "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Deleted : "suggest_url": "hxxp://search.conduit.com/"
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48",
Deleted : "name": "Conduit Chrome Plugin",
Deleted : "path": "C:\\Users\\MandyMarco\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensi[...]
Deleted : "name": "Conduit Chrome Plugin"
Deleted : "path": "C:\\Users\\MandyMarco\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dl[...]
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT3008547&SearchSource=48" ]
*************************
AdwCleaner[R1].txt - [42234 octets] - [01/08/2012 13:36:27]
AdwCleaner[S1].txt - [40669 octets] - [01/08/2012 13:50:09]
########## EOF - C:\AdwCleaner[S1].txt - [40798 octets] ##########
|
|
01.08.2012, 14:41
| #10 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
01.08.2012, 19:29
| #11 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner So hier der Log von Eset. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=770a7e4a4a792f4a92bb029f62d81987
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-01 06:04:30
# local_time=2012-08-01 08:04:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 132495 80376216 209051 0
# compatibility_mode=5893 16776573 100 94 893 95469210 0 0
# compatibility_mode=8192 67108863 100 0 511 511 0 0
# scanned=180797
# found=3
# cleaned=3
# scan_time=4910
C:\Users\MandyMarco\Downloads\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\MandyMarco\Downloads\WinZip165International.exe a variant of Win32/OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07302012_061742\C_ProgramData\pybpfglstmboajn\main.html HTML/Ransom.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
02.08.2012, 04:00
| #12 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
02.08.2012, 05:20
| #13 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner Guten Morgen T-John, auch das hab ich jetzt erfolgreich erledigt, Danke für deine Hilfe..... |
|
02.08.2012, 05:29
| #14 |
| /// Helfer-Team | Computer gesperrt Bundespolizei 100 Euro Trojaner Sehr gut! damit bist Du sauber und entlassen!  Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
|
02.08.2012, 05:49
| #15 |
| | Computer gesperrt Bundespolizei 100 Euro Trojaner Vielen Vielen Dank für deine Hilfe T-John..... Sehr gute Hilfeseite, auch für Computerlaien...DANKE DANKE DANKE Lg Bella |
|
| Themen zu Computer gesperrt Bundespolizei 100 Euro Trojaner |
| 100 euro, absoluter, bella, beste, besten, bezahlen, brauche, bundespolizei, bundespolizeitrojaner, compu, computer, computer gesperrt, euro, gemeinde, gesperrt, google, liebe, pc gesperrt, sache, sachen, schritt, troja, trojane, trojaner |
Linear-Darstellung
